Update docker/resume/nginx.conf

docker/resume/nginx.conf

@@ -1,6 +1,12 @@
-server {
+http {
+    # Rate limiting zone defined at the top-level 'http' block
+    limit_req_zone $binary_remote_addr zone=default:10m rate=20r/s;
+
+    server {
         listen 8080 http2;
+        listen [::]:8080 http2;
         listen 8080 quic reuseport;
+        listen [::]:8080 quic reuseport;
         http3_max_concurrent_streams 128;
 
         root /usr/share/nginx/html;
@@ -8,7 +14,7 @@ server {
 
         server_name colinknapp.com www.colinknapp.com;
 
-    # Security Headers
+        # Security headers
         add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
         add_header X-Frame-Options "DENY" always;
         add_header X-Content-Type-Options "nosniff" always;
@@ -27,30 +33,19 @@ server {
             form-action 'self';
         " always;
 
-    # Rate Limiting
+        # Enable long-term caching for JavaScript, CSS, and HTML files
-    limit_req_zone $binary_remote_addr zone=default:10m rate=20r/s;
-    limit_req_status 429;
-
-    # Cache headers for JavaScript, CSS, and HTML
         location ~* \.(js|css|html)$ {
             expires 1y;
             add_header Cache-Control "public, max-age=31536000, immutable";
         }
 
-    # Global Rate Limit and Caching for all requests
+        # Apply rate limiting within the server block
         location / {
             limit_req zone=default burst=30;
             try_files $uri $uri/ =404;
         }
 
-    # Admin Route with IP Whitelisting and Rate Limit
-    location /admin/ {
-        allow 192.168.1.0/24; # Trusted IP range
-        deny all;
-        limit_req zone=default burst=10;
-        try_files $uri $uri/ =404;
-    }
-
         # HTTP/3 advertisement header
         add_header Alt-Svc 'h3-29=":8080"; ma=86400';
+    }
 }